Enhancing the Ability of Inter-Domain IP Spoofing Prevention
DOI:
Author:
Affiliation:

Clc Number:

Fund Project:

  • Article
  • |
  • Figures
  • |
  • Metrics
  • |
  • Reference
  • |
  • Related
  • |
  • Cited by
  • |
  • Materials
  • |
  • Comments
    Abstract:

    The validation of source IP addresses becomes the key technique for devising a trustworthy network. However, inter-domain IP spoofing preventions based on source-destination labels and end-hosts IP authentications based on source labels both adopt end to end mode to solve the problem, which ignores the flooding of spoofing packets on middle networks. To address this problem, an enhancing mechanism for the inter-domain IP spoofing prevention service, ESP (enhanced spoofing prevention), is proposed. Via integrating path labels into source labels, ESP reduces the collision of source labels at destination networks and enables filtering IP spoofing packets toward other nodes in middle networks, thus prevents flooding attacks in advance and extends the protected domain of the spoofing prevention. Based on BGP (border gateway protocol) update ESP develops the validation of prefix security to restrict the scope of the propagation of labels, thus decreases the cost of computing and storing of labels. The abilities of IP spoofing prevention and filtering spoofing packets in advance are demonstrated in the topology, which is constructed based on RIB (routing information base) provided by Routeview.

    Reference
    Related
    Cited by
Get Citation

吕高锋,孙志刚,卢锡城.域间IP欺骗防御服务增强机制.软件学报,2010,21(7):1704-1716

Copy
Share
Article Metrics
  • Abstract:
  • PDF:
  • HTML:
  • Cited by:
History
  • Received:July 28,2008
  • Revised:December 29,2008
  • Adopted:
  • Online:
  • Published:
You are the firstVisitors
Copyright: Institute of Software, Chinese Academy of Sciences Beijing ICP No. 05046678-4
Address:4# South Fourth Street, Zhong Guan Cun, Beijing 100190,Postal Code:100190
Phone:010-62562563 Fax:010-62562533 Email:jos@iscas.ac.cn
Technical Support:Beijing Qinyun Technology Development Co., Ltd.

Beijing Public Network Security No. 11040202500063